In Microsoft Defender Advanced Threat Protection, the Raw Data Streaming API can ship event information directly to Azure storage for long-term data retention, or to Azure Event Hubs for consumption by visualization services or data processing engines. It does both through low latency, high throughput delivery mechanism that offers real-time events and alerts from instances in a single data stream. For more tips like this, check out the working remotely playlist at www.youtube.com/FoetronAcademy . Also, if you need any further assistance then you can raise a support ticket and get it addressed.